This has been discussed quite a few times before, which may be why not many developers have commented.

Theymos' entry is incomplete, so I extended it. There's another situation in which it's safe to delete transaction data: if you can prove it'll never be used. The transactions that embedded flags, ASCII Bernanke etc could be deleted without risk because the chances of finding a private key that hashes to a line of English text is extremely remote. What's more, transactions with non-random looking hashes or pubkeys can be automatically identified.

Doesn't changing the block result in invalidating Merkle root of that block, invalidating the block and the rest of block chain?

Or you meant that the miner may choose to skip the bogus transactions prior to mining the hash for given block? How? Setting a strict rules on his bitcoind? Still, some data may escape and become permanent.

There's another situation in which it's safe to delete transaction data: if you can prove it'll never be used. The transactions that embedded flags, ASCII Bernanke etc could be deleted without risk because the chances of finding a private key that hashes to a line of English text is extremely remote. What's more, transactions with non-random looking hashes or pubkeys can be automatically identified.

True, but it's not too difficult for the attacker to insert arbitrary data with OP_DROP and have Eligius or some other tolerant miner include it into a block. Then the arbitrary data is spendable and can't be forgotten.

Judges would certainly frown on attempts to game the legal system like this, it'd just be a waste of court time, and might be considered entrapment.

I'm not so sure about this. Courts are used to being able to order service providers to remove illegal material, but with Bitcoin this is uniquely a technical impossibility. They might not understand. And it would be easy to get an emotional response out of average people: "Breaking news: Bitcoin banks refuse to delete child porn."

Doesn't changing the block result in invalidating Merkle root of that block, invalidating the block and the rest of block chain?

The protocol would need to be changed so a node can provide partial blocks. That's the point of the merkle tree structure, the pruning aspect was just never implemented.

In the case where an output both contains arbitrary data and is also spendable, you do indeed need to get >50% of the mining power to delete the transaction.

I think it'd be easy to make an analogy to a judge. If you publish a full page ad in the New York times containing some obfuscated or encrypted illegal material, that doesn't make the NYT, the printing company or people who bought the paper guilty of a crime. Now, the court of public opinion on the other hand ....

Gavin I think you're missing the point of this thread: we are certainly not advocating people do this, nor trying to protect people who do. Rather we are trying to figure out a way to protect innocent users from a bad person who does this while maintaining the integrity of the blockchain/ledger.

I still think it would be nice to know what exactly the protocol would be if this happens. Again, the semi-unique thing about bitcoin is that the data could be injected in a way that you can't reasonably remove it. In most other contexts, upon being notified of such data's existence we could just delete it and be on our way.

Mike mentioned one could prune these things if it they were known, but it's conceivable that data could be stored in a way that would still enable coins to be spent (using OP_DROP, or just using low order bits etc).

My concern is that in this instance one could end up knowingly being in possession of bad things.

I have trouble believing that you could get into legal trouble for having illegal incidental data from legitimate activities on your computer. If you can, then we're all in trouble, because it is very easy to put illegal data in your web browser's cache (JPEG and other image file formats let you store arbitrary, not-normally-shown metadata, for example). I don't think it would be hard to convince a jury that the block-chain is like your web browser's cache-- full of lots of incidental stuff that is needed for the system to work, but doesn't have anything to do with you. Now if you happen to have one of the private keys involved in the illegal transactions, THEN you should go directly to jail....

Adding code to "shun" certain spend-able transactions wouldn't be hard, although I think that's a bad idea for the same reason it is a bad idea to respond to trolls on forums-- you'd just encourage the bad guys by drawing attention to their misbehavior.

How often do you get the chance to work on a potentially world-changing project?

IF (big if) somebody managed to insert a noticable amount of real child porn in such a way that a simple one line command could extract it, waits for it to be really deep in the chain before announcing it to the public, and if this happened before the filtering and pruning mechanisms are implemented - I'd imagine we could have a problem. Or maybe embed ROT13s of phrases that are highly offensive and inflaming to lots of religious people and would likely prevent them from ever accepting bitcoin as long as they remain in the chain - say "Allah is evil and not a true god" or some such. Again in such a way that anybody could extract them with a simple command.

In such a case what could be done after the fact? Could they still be trimmed out of the chain without invaldiating the block links and the whole transaction history after they were included? Or is that impossible at this point?

*Image Removed* I'm not asking for donations, but if you think YOUR post is deserving a donation FROM me, send me a message.

I really don't think this is an issue. If Oprah opens some of her fan mail and there is child porn inside, would she get arrested and go to jail for being in possession of child pornography? What if someone turns in a paper to a professor and it has illegal things in it? It would set a dangerous precedent I think.

I don't know the answer to this, but what if someone ran a Tor node and illegal things were sent through it? Same with proxy and VPN services. I'd think that VPNs would be non-existent if this was the case.

The generation of vanity address just remind me the possibility of embedding arbitrary file and information into the block chain, particularly, a transaction record. An attack would look like this:

Embedding arbitrary file

Convert a file (with encryption) into a string of Base58

Split the string into, say, 4 characters per piece

Generate vanity addresses with the 4 characters at the beginning

Order them in a transaction

Send money to the address and pay some transaction fee

The information will then permanently embedded into the blockchain. The only way to solve this problem is to change the transaction record into a simple account balance periodically. Since now the ordering disappear, so you cannot extract the information anymore.

Theymos' entry is incomplete, so I extended it. There's another situation in which it's safe to delete transaction data: if you can prove it'll never be used. The transactions that embedded flags, ASCII Bernanke etc could be deleted without risk because the chances of finding a private key that hashes to a line of English text is extremely remote. What's more, transactions with non-random looking hashes or pubkeys can be automatically identified.

This is true, but with a major caveat: the only way to prove to someone else that the transaction data is safe to delete is to give them a copy of it, which means you need to have a copy of it. Without the ability to prove this, newcomers have to trust they aren't being lied to. I think this may open up a potential double-spending attack or possibly worse; while the nodes that had a copy of the expunged data at some point can safely mark the correct transaction outputs as spent no-one else can confirm what it spent.

(Also, if someone manages to get non-standard scripts into blocks, they can create transactions that are spendable but require you to keep a copy of arbitrary data in order to be able to validate future transactions that spend them.)

Data can also be included in tx input scripts. However data blocks there don't have any effect on anything, ie, with the right database structure you can record the original hash of the transaction, then delete the unneeded data blocks if they have no effect on the connected output script.

Of course, as I understand it the transaction ID is computed as the hash of the transaction, so you can no longer prove that the transaction in question has the ID you claim it has, that the block that contains it or any blocks building on that block are valid, or even that the block that contains it does actually contain it rather than some other transaction you want to maliciously replace.

If you encrypt the data before putting it into the block chain, the bad transactions probably can't be reliably identified. However they also shouldn't pose any legal threats to the miners. If the key is publically revealed, the same as above applies - the outputs can be removed without risk.

Which again pretty much requires some kind of trusted central censorship body, with all the transparency problems that entails. At the very least they could maliciously render particular bitcoins unspendable, which means that someone could get a court injunction forcing them to do so.

If I have an unopenable box and tell you there is something illegal in it, is that illegal. You can't rove it or see it or know that it exists, therefore no harm is done. Something embedded in a block isn't visible unless you know the key, and on simple viewing would not be illegal.

A more simple example (and quite made up) is if you apply the correct cyptographic key to this post you will get a defamatory statement (with is illegal). Is this post therefore illegal?

A more simple example (and quite made up) is if you apply the correct cyptographic key to this post you will get a defamatory statement (with is illegal). Is this post therefore illegal?

Depends on the jurisdiction and what the court rules. For a defamatory statement it would be worth the risk, but would you want to take the risk of uploading child porn given the life-ruining consequences of even being accused?

A more simple example (and quite made up) is if you apply the correct cyptographic key to this post you will get a defamatory statement (with is illegal). Is this post therefore illegal?

Depends on the jurisdiction and what the court rules. For a defamatory statement it would be worth the risk, but would you want to take the risk of uploading child porn given the life-ruining consequences of even being accused?

I think that this is a very real risk to the current system.

I just used defamation as an example (and as you say, it depends of jurisdiction). I was more making the point that with the correct key or filter you could make anything look like anything else. And if you don't know it's there and can't extract it, is that criminal?

A more simple example (and quite made up) is if you apply the correct cyptographic key to this post you will get a defamatory statement (with is illegal). Is this post therefore illegal?

Depends on the jurisdiction and what the court rules. For a defamatory statement it would be worth the risk, but would you want to take the risk of uploading child porn given the life-ruining consequences of even being accused?

I think that this is a very real risk to the current system.

I just used defamation as an example (and as you say, it depends of jurisdiction). I was more making the point that with the correct key or filter you could make anything look like anything else. And if you don't know it's there and can't extract it, is that criminal?

Alternatively, if you DO know it is there, is it criminal? If anyone did embed something illegal into the blockchain, then released the decryption method to the public, then everyone would know it was there, and anyone could extract it. But whether it is illegal to have such content in the blockchain has yet to be determined.

I have trouble believing that you could get into legal trouble for having illegal incidental data from legitimate activities on your computer. If you can, then we're all in trouble, because it is very easy to put illegal data in your web browser's cache (JPEG and other image file formats let you store arbitrary, not-normally-shown metadata, for example). I don't think it would be hard to convince a jury that the block-chain is like your web browser's cache-- full of lots of incidental stuff that is needed for the system to work, but doesn't have anything to do with you. Now if you happen to have one of the private keys involved in the illegal transactions, THEN you should go directly to jail....

Adding code to "shun" certain spend-able transactions wouldn't be hard, although I think that's a bad idea for the same reason it is a bad idea to respond to trolls on forums-- you'd just encourage the bad guys by drawing attention to their misbehavior.

90% of all US bills carry traces of cocaine. Are 90% of all US currency holders potentially arrestable on charges of narcotics possession?

Alternatively, if you DO know it is there, is it criminal? If anyone did embed something illegal into the blockchain, then released the decryption method to the public, then everyone would know it was there, and anyone could extract it. But whether it is illegal to have such content in the blockchain has yet to be determined.

If I know "something" is there, but don't know what, maybe I'm just paranoid rather than criminal.

It's like a whole lot of wiki-leak files that are available but not unlocked - someone knows the key, and someone could find the key, but just because I could access it (locked or unlocked) doesn't turn me into a criminal. If I did access the file in a locked state, but not know it's contents, that would also be a hard point to press. (reference receipt of stolen goods - there is a difference between knowing they are stolen or not)

Alternatively, if you DO know it is there, is it criminal? If anyone did embed something illegal into the blockchain, then released the decryption method to the public, then everyone would know it was there, and anyone could extract it. But whether it is illegal to have such content in the blockchain has yet to be determined.

If I know "something" is there, but don't know what, maybe I'm just paranoid rather than criminal.

It's like a whole lot of wiki-leak files that are available but not unlocked - someone knows the key, and someone could find the key, but just because I could access it (locked or unlocked) doesn't turn me into a criminal. If I did access the file in a locked state, but not know it's contents, that would also be a hard point to press. (reference receipt of stolen goods - there is a difference between knowing they are stolen or not)

Sorry, in my scenario, I meant to infer that you would also be informed of what was there.

somehow this discussion got back to "with the right key any sequence of bits can be illegal".

Guess this is pointless as it is possible for sure to get any data into the chain. Just donate x satoshi to the faucet every hour with x being the ascii value of a letter of for example the "satanic verses". 8bph is slow. 2 months per page. but who would stop you? Later you announce that transactions from this one address form the satanic verses if read in sequence of their occurrence. No way to remove. Easy to decode. No bogus one time key needed.

the other thing was: if i open a letter with child porn/get such stuff smuggled into my browser cache ... no: those are examples where you don't know of the illegal content. this thread is about what if you know it is there and know how to decode but don't want it? so the analogy with the newspaper would rather be: what if somebody gets miniature child porn into a magazine add? the answer is quite clear: the magazine would not be allowed for sales from the moment they know about it.

i still see this could be a serious problem that might require drastic measures at some point like "genesis block 2" with all the balances but without the transactions to clean up the mess and i see no way to prevent such data from getting in. in some countries judges might be relaxed about it but some might make bitcoin illegal for such illegal content in the chain.